Yusuf On Security: Security news, opinion and advice

Petya Disk encryption

A massive attack is underway. It started in Ukraine but is spreading to the rest of the world fast. Yes, it is about ransomware, but it is different from the one you may already know. Petya is the name of this ransomware, and it too leverages the EternalBlue vulnerability (CVE-2017-0144). This time it is a new variant using an old technique: it encrypts the volume of the infected device rather than scrambling individual files.

Petya works by overwriting Windows' Master Boot Record (MBR). This then causes the operating system to crash. Naturally, when the victim reboots their infected machine, the modified MBR prevents Windows from starting normally. A ransom message is displayed instead, demanding from the victim the Bitcoin equivalent of $300.
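The MBR described above has a fixed layout: 446 bytes of boot code, four 16-byte partition entries and the 0x55AA boot signature, 512 bytes in all. The script below is an added example (not code from this post or from any vendor tool) showing how a defender can baseline the boot code of a healthy machine and later flag an MBR whose boot code no longer matches, which is what an overwrite of the kind described here looks like on disk. The sample MBR bytes, the partition values and the "tampered" boot code are all constructed for the example; they are not Petya's actual bytes.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition entries and signature check."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    boot_code = mbr[:BOOT_CODE_SIZE]
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # status(1) chs_first(3) type(1) chs_last(3) lba_start(4) sectors(4) = 16 bytes
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(
            "<B3sB3sII", mbr[off:off + PARTITION_ENTRY_SIZE])
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }


def audit_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a test MBR: given boot code, one active NTFS partition, valid signature."""
    boot_code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    # Constructed partition entry: active, type 0x07 (NTFS), starting at LBA 2048.
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 204800)
    table = entry1 + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return boot_code + table + BOOT_SIGNATURE


# Constructed "known good" MBR captured on a healthy machine (bytes are illustrative only).
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb")
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]

# Constructed MBR whose boot code has been replaced; the partition table is untouched,
# so only the boot-code hash reveals the change.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" + b"\x41" * 100)

if __name__ == "__main__":
    print("clean:", audit_mbr(CLEAN_MBR, BASELINE_SHA256))
    print("tampered:", audit_mbr(TAMPERED_MBR, BASELINE_SHA256))
```

On a real Windows host the first 512 bytes of the system disk can be read as an administrator from the raw device path `\\.\PhysicalDrive0`; record the boot-code hash when the machine is known good and re-run the audit on a schedule, since a changed boot code with an intact partition table is exactly the pattern a boot-record overwrite leaves behind.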

WannaCry revealed the state of affairs when it comes to system patching. Knowing this, it is perhaps not surprising that this latest iteration of what seems to be becoming routine will exploit a lot more machines than WannaCry did.

So far this has caused havoc at airlines, banks and utility companies in Europe, but also in the US and India. At the time of writing, WPP, Britain's biggest advertising company, is offline.

Encryption is a double-edged sword, and ransomware is the epitome of how this tool can be abused, especially as we all become more and more dependent on having connected machines. The picture emerging from this escalating problem is that it won't go away anytime soon. It is a global issue and it certainly needs a global approach.

As I wrote earlier, during WannaCry: patch often, patch early, and definitely have a well-tested backup.

Author: Yusuf
